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SERVER FOR ROUTING CONNECTIONS TO A CLIENT MACHINE 
CROSS REFERENCE TO RELATED APPLICATIONS 

[0001] The present application claims priority under Article 4 of the Paris Convention 
5 (and corresponding stipulations of other countries) based upon Japanese patent 

application No. 2002-348543, Japanese patent application No. 2003-161246 and Japanese 
patent application No. 2003-345390. The entire disclosure of the aforesaid applications is 
incorporated herein by reference. 

10 FIELD OF THE INVENTION 

[0002] The present invention relates to a method of connecting client devices and a 
server, and to the server and network-enabled home appliances used in this method. Bi- 
directional communications are made possible between a home network and the Internet 
by relatively simple means under the current infrastructure environment with IPv4 

1 5 (Internet Protocol version 4). 

BACKGROUND OF THE INVENTION 

[0003] In a service-delivery environment through Internet-centered public networks, 
values of all information are generally located on a server side rather than a client side. 

20 [0004] Each client (terminal device) is basically a viewer, which browses information 

on the Internet. Each client issues various requests to obtain information from the Internet, 
which in return sends back information for the client. It means that all information is 
collected on the Internet, which offers formulaic information single-directionally. For this 
reason, it is difficult for manufacturers of client terminal devices to create added values 

25 for users. 

[0005] In order to change this circumstance, the server-client relationship must be 
reversed by inverting the access direction. For a home network connected to the Internet, 
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for example, an environment must be created such that access from the Internet to the 
home network is initiated, and services are provided by the home network to the Internet. 
[0006] To achieve this, the internet network needs to be able to uniquely identify each 
device connected to the home network. Home routing and security problems need also to 
5 be resolved. One of the technologies to address this issue is IPv6 (Internet Protocol 
version 6). 

[0007] However, in view of the circumstances regarding the current Japanese carriers 
and Internet service providers, it can be surmised that a considerable amount of time will 
have to be expended until the IPv6 becomes widely available. For example, it will take at 
10 least 2 to 3 years for the currently available IPv4 to depreciate, and the IPv6 service has 
just started on a test basis. 

[0008] In order to achieve an IPv6-enabled network quickly, manufacturers will need 
to expand their business to include ISP level services, which is very costly and unrealistic. 
Furthermore, home network environments vary tremendously with their connection 
15 mechanisms varying widely depending on their carriers and ISP's. Therefore, a new, 

standardized approach is needed to realize the IPv6 environment by taking into account 
all these variations. 

[0009] An example of prior art literature dealing with the above circumstances is JP-A- 
2001-274845. Although this prior art is cited herein, the novelty and inventive step of the 
20 invention according to the present application are not meant to be rendered moot. 

[0010] When attempting to achieve the bi-directional access between the home network 
and the Internet using the IPv6 network in the conventional IPv4 environment, the 
following problems arise. 

[0011] In the current IPv4 environment, for example, when installing a network home 
25 appliance at home, it has to be connected through the home network to a router connected 
to the Internet. In this case the IP address of the network home appliance becomes a 
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private address and cannot be accessed from any network other than this particular home 
network. 

[0012] Thus, conventionally, the access to a network home appliance has been 
achieved by employing a dedicated router capable of controlling the network home 
5 appliance, or by using a data center provided on the Internet to accumulate information 
for controlling the network home appliance and retrieving the information by polling 
from the network home appliance. 

[0013] However, for the case of using the dedicated router, its versatility decreases and 
cost increases. For the case of retrieving the control information by polling, the access 
10 cannot be made real time, and the network and server load increases. 

[0014] In view of the above circumstances, the objective of the present invention is to 
provide an Internet connection system capable of bi-directional communications between 
the home network and the Internet by relatively simple means, enabling manufacturers of 
client-side network home appliances to create added values for users. 

15 

SUMMARY OF THE INVENTION 

[0015] In order to attain the above objective, according to a first main aspect of the 
present invention, there is provided a method for connecting a client device and a server, 

20 the method implemented on an Internet connection system which comprises the client 
device, a relay device, and the server, the server being connected to Internet and also to 
the client device through the relay device and the Internet, comprising the steps of: (a) 
notifying the relay device of an IP address of the server; (b) enabling the relay device to 
establish a TCP/IP session by means of a tunneling connection between the relay device 

25 and the server by use of the IP address; and (c) enabling the relay device to route 
communications via the TCP/IP session from the server to the client device. 



3 



27691. NAT1 5297 

[0016] According to such a structure, all communications related to the client device 
such as a network home appliance are performed through the server on the Internet 
regardless of their carriers and ISP's, enabling the server owners to freely configure and 
control network home appliances and servers on their home or workplace network. Thus 
5 all problems related to conventional home routing, security and individual identification 
of the client device in a private network from servers on the Internet can be solved, and 
extremely open and yet closed networks can be realized. 

[0017] According to one embodiment of the present invention, the relay device is each 
installed in each client device. 
10 [0018] According to another embodiment, in the step (a), the relay device connects to a 
tunneling broker server provided on the Internet, and receives the IP address of the server 
from the tunneling broker server. 

[0019] According to yet another embodiment, the step (b) comprises the steps of: (b-1) 
enabling the relay device to connect to the server by use of the IP address of the server; 

15 (b-2) enabling the server to notify the relay device of an IP address of the relay device for 
establishing the TCP/IP session by means of the tunneling connection; and (b-3) 
establishing the TCP/IP session by means of the tunneling connection between the server 
and the relay device. In this case, the step (b-1) preferably comprises the step of enabling 
the server to perform connection authentication for the relay device; and the step (b-2) 

20 preferably comprises the step of generating the IP address of the relay device depending 
on a result of the connection authentication. 

[0020] According to a second main aspect of the present invention, there is provided a 
network-enabled home appliance, comprising: a control section for receiving a packet, 
the packet including a predetermined command, and controlling the network-enabled 
25 home appliance based on the command; a server address storage section for storing a 
global address of a server located on the Internet; a tunneling establishing section for 
establishing a tunneling connection between the network-enabled home appliance and the 
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server based on the global address of the server; and a packet processing device for 
capsulating/decapsulating packets, the packets communicated with the server through the 
tunneling connection, and routing the packets to the control section or the server. 
[0021] The network-enabled home appliance preferably further comprises: a broker 
5 server address storage section for storing an address of a tunneling broker server located 
on the Internet; and a server address obtaining section for accessing the tunneling broker 
server based on the address of the tunneling broker server, and receiving the global 
address of the server from the tunneling broker server. 

[0022] According to such a structure, all communications related to the network- 

10 enabled home appliance are performed through the server on the Internet regardless of 
their carriers and ISP's, enabling the server owners to freely configure and control 
network home appliances and servers on their home or workplace network. Thus all 
problems related to conventional home routing, security and individual identification of 
the network-enabled equipment in the private network from servers on the Internet can be 

15 solved, and extremely open and yet closed networks can be realized. 

[0023] Further, according to a third main aspect of the present invention, there is 
provided a server used on an Internet connection system which comprises a client device, 
a relay device, and the server, the server being connected to Internet and also to the client 
device through the relay device and the Internet, comprising: a tunneling establishing 

20 section for establishing a tunneling connection to the relay device; a client device 

management device for managing the client device in association with the relay device or 
the tunneling connection; and a routing device for routing a connection, the connection 
from the Internet to the client device, through the tunneling connection to the relay device 
which is connected to the client device, based on management at the client device 

25 management device. 

[0024] According to such a structure, all communications related to the network- 
enabled home appliance are performed through the server regardless of their carriers and 
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ISP's, enabling the server owners to freely configure and control network home 
appliances and servers on their home or workplace network. Thus all problems related to 
conventional home routing, security and individual identification of the network-enabled 
equipment in the private network from servers on the Internet can be solved, and 
5 extremely open and yet closed networks can be realized. 

[0025] According to one embodiment of the present invention, the server further 
comprises: a model identification section for determining if the client device is of a 
predetermined model and /or if the relay device is of a predetermined model; and a 
command conversion section for converting a command to be sent to the client device to 

10 a command in a predetermined format for controlling the client device, based on results 
from the model identification section. In this case, the server preferably comprises: a 
model identification section for determining if the client device is of a predetermined 
model and /or if the relay device is of a predetermined model; and a command conversion 
section for converting a command to be sent to the client device to a command in a 

15 predetermined format for controlling the client device, based on results from the model 
identification section. Preferably, the server further comprises a communication session 
disconnection section for disconnecting communication sessions or limiting packet 
transmissions if the model identification section determines that the client device or the 
relay device is not of the predetermined model. 

20 [0026] According to another embodiment of the present invention, the client device 
includes peripheral equipment, which is communicable with the relay device but cannot 
independently connect to the Internet. 

[0027] According to yet another embodiment of the present invention, the server 
further comprises a network type identification section for determining if a first network 
25 environment connected with the client device and/or the relay device is of a 

predetermined type. In this case, the server preferably further comprises a communication 
session disconnection section for disconnecting communication sessions or limiting 
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packet transmissions if a private network environment connected to the client device or 
the relay device is determined not of the predetermined type. 
[0028] According to yet another embodiment of the present invention, the server 
further comprises a state information obtaining section for obtaining at least one of an 
5 operation state, a usage state and location information of the client device and/or the relay 
device. 

[0029] According to such a structure, all communications related to the client device 
such as a network home appliance are performed through the server on the Internet 
regardless of their carriers and ISP's, enabling the server owners to freely configure and 
1 0 control network home appliances and servers on their home or workplace network. Thus 
all problems related to conventional home routing, security and individual identification 
of the client device in a private network from servers on the Internet can be solved, and 
extremely open and yet closed networks can be realized. 

[0030] Other characteristics and marked effects of the present invention will become 
1 5 apparent to those skilled in the art upon referring to explanations of the following 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS when taken in 
conjunction with the accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 
20 [0031] Fig. 1 is a diagram showing an example of a network structure according to one 
embodiment of the present invention; 

[0032] FIG. 2 is a schematic structural view showing an example of a relay device 
according to one embodiment of the present invention; 

[0033] FIG. 3A is a schematic structural view showing an example of an InterServer 
25 according to one embodiment of the present invention; 

[0034] FIG. 3B is a schematic structural view showing an example of a tunneling 
session establishing section according to one embodiment of the present invention; 
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[0035] FIG. 4 is a diagram showing a schematic structure of a filter section; 

[0036] FIG. 5 is a flowchart showing processing at the filter section; 

[0037] FIG. 6 is a diagram showing a schematic structure of a network home appliance 

search section; 

5 [0038] FIG. 7 is a diagram showing an example of a search screen; 

[0039] FIG. 8 is a diagram showing an example of a list display of search results for the 
relay device; 

[0040] FIG. 9 is a diagram showing a control concept of a network home appliance 
control section; 

10 [0041] FIG. 10 is a function diagram showing a communication example in the present 
embodiment; 

[0042] FIG. 1 1 is a function diagram showing another communication example in the 
present embodiment; 

[0043] FIG. 12 is a diagram showing a setup example of the relay device or a network 
15 home appliance; and 

[0044] FIG. 13 is a diagram showing a tunneling connection example between the relay 
device and the InterServer. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
20 [0045] Embodiments of the present invention are described below with reference to the 
accompanying drawings. 

[0046] FIG. 1 is a diagram showing an example of the network structure according to 
one embodiment. Indicated with a reference numeral 1 in this figure is a home network 
connected to a client network home appliance 2 (hereafter, referred to as a "network 
25 home appliance") communicating with IPv4 (with a first communication protocol). The 
home network 1 is, for example, structured using a LAN implemented in each home. 
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Also a relay device 3 according to the present invention is installed in each network home 
appliance 2. 

[0047] The home network 1 is connected to an Internet network (an IPv4 network 4), 
via a communication carrier/ISP. In the IPv4 network 4, communications are performed 
5 using IPv4 (with a second communication protocol). 

[0048] Connected to the IPv4 network 4 is an InterServer 6 (a server according to the 
present invention) for controlling communications of the network home appliance 2 on 
the home network 1 . As described in greater detail herein below, the InterServer 6 has 
broker functions for connecting the network home appliance 2 to a network home 
10 appliance 2a, a personal computer 2b, and a server 2c on a home network la or any other 
home/global network as well as on the IPv4 network 4. 

[0049] Here, the relay device 3 and the InterServer 6 are intended to be manufactured 
by the same manufacturer or under a unified standard, and are designed to interface with 
each other. As described below, the relay device 3 is provided with a private address of 

15 the InterServer 6 with IPv4, so that a TCP/IP session via a tunneling connection may be 
established at the InterServer 6 to enable communications regardless of its carrier or ISP. 
Additionally the network home appliance 2 connected to the home network 1 is also 
intended to be manufactured by the same manufacturer as that of the relay device 3, or 
manufactured under a unified standard. Furthermore, an IP address of the relay device 3 

20 is uniquely generated based on the model or other attributes of the network home 
appliance 2. 

[0050] Note that the network home appliance 2 may be a conventional home appliance 
such as a VCR or a TV, which itself cannot connect to the Internet. In this case, the relay 
device 3 and the network home appliance 2 may be connected through a predetermined 
25 communication interface (IEEE 13 94), and a virtual IP address may be assigned to each 
home appliance 2 as an ID (unique ID). 
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[0051] FIG. 2 is a schematic structural view showing the network home appliance 2 
and the relay device 3. 

[0052] The relay device 3 has an InterServer address storage section 10 for storing a 
global address of the InterServer 6 with IPv4; a relay device address storage section 9 for 
storing a private address assigned to the relay device 3 with IPv4; a tunneling session 
establishing section 1 1 for establishing a tunneling connection with the InterServer 6 
based on the InterServer 6's address; a capsulating processing section 12 for 
capsulating/decapsulating IPv4 packets using IPv4, and performing tunneling 
transmission between the InterServer 6 and a network home appliance I/F and control 
section 20; a routing processing section 13 for routing the decapsulated packets from the 
InterServer 6 to the network home appliance 2; and a packet transmission section 14 for 
transmitting the packets. Also the relay device 3 is provided with an address generation 
section 15 for generating an address for the network home appliance 2. 
[0053] According to such a structure, packets to or from the network home appliance 2 
can be transmitted through a tunnel established with IPv4 between the InterServer 6 and 
the relay device 3. 

[0054] FIG. 3 A is a schematic structural view showing the InterServer 6. 
[0055] The InterServer 6 has an address storage section 16 for associating and storing a 
private address of the relay device 3 with IPv4 (a relay device address 16a) which is the 
information for identifying a tunneling session, and a global address of the client device 
with IPv6 (a network home appliance address 16b); a tunneling session establishing 
section 1 7 for establishing a tunneling connection with the relay device 3 based on the 
address of the relay device 3; a capsulating processing section 18 for 
capsulating/decapsulating the IPv4 packets using IPv4 to thereby enable communications 
with the network home appliance 2; and a routing section 19 for routing communications 
between the network home appliance 2 and other terminals and servers. In addition, the 
InterServer 6 has a network home appliance model identification section 21 for 
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determining the model of the network home appliance 2 based on the IPv4 address of the 
network home appliance 2 or the relay device 3; a command setup section 22 for 
converting a command to be sent to the network home appliance 2 to a predetermined 
command and setting it based on the result from the network home appliance model 
5 identification section 21 ; a filter section 23 for filtering the tunnel-transmitted IPv4 

packets using predetermined rules; and a communication session disconnection section 
24 for disconnecting communication sessions in predetermined cases. Packet 
transmission is performed by a transmission processing section 25. 
[0056] Further, the InterServer 6 is connected to a user management server 30. As 

10 discussed in detail below, the user management server 30 manages user information for 
each relay device 3 or each network home appliance 2, and has a user information 
management DB 3 1 for storing the member information of each user, such as ID, 
password and billing information, as well as model and network information and the like. 
[0057] The information stored in the user management DB 3 1 is utilized when the 

15 tunneling session establishing section 17 establishes a tunneling session. As shown in 
FIG. 3B, the tunneling session establishing section 17 is further provided with a user 
authentication section 28 for authenticating each user based on the user information; and 
a relay device IP address assignment section 29 for assigning an IPv4 private address to 
the relay device 3 to establish the tunneling session. In the case of IPv4, any address 

20 scheme may be used for an IP address assigned to each relay device; for example, a 
private address such as 10.xxx.xxx.xxx may be assigned. This may be generated 
according to predetermined rules depending on the user, model or network information 
mentioned above. It should be noted that a method of generating an address for the relay 
device 3 is not limited to the above scheme. 

25 [0058] Moreover, the InterServer 6 has a Web server 32, which is open to public on the 
Internet (IPv4 network 4), and receives requests from a user of the relay device 3 or the 
network home appliance 2 to allow the user to configure various settings. For example, at 
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least some of the filtering rules applied at the filter section 23 may be changed by the user 
via the Web server 32. Note that the Web server 32 may be accessed through the relay 
device 3 and the InterServer 6 or through the IPv4 network 4. 

[0059] As shown in FIG. 4, the filter section 23 has a filtering rule storage section 33 
5 and a filtering rule setup section 34. The filtering rule storage section 33 and the filtering 
rule setup section 34 are connected to the Web server 32, which is open to public on the 
Internet (IPv4 network 4) and is installed with an interface generation section 35 for 
interacting with the InterServer, as shown in FIG.3 A. A user connected to the Web 
server 32 can enter or change the filtering rules by displaying on the user's terminal an 

10 interface generated by the interface generation section 35. Possible filtering rules which 
may be configured here include, for example, ones related to security. 
[0060] Purposes of the security filtering rules are possibly to: (1) deny all access 
attempts to the home network from outside; (2) deny all access attempts to the home 
network from outside except from pre-approved servers (Web sites) and networks; and 

15 (3) allow access to the home network from outside without restriction. Thus, the filtering 
method may allow only specific ports or may deny all access attempts. 
[0061] Additionally, access from the home network 1 to preset external servers may be 
restricted to, for example, prevent children from accessing harmful contents and to 
generally prevent users from accessing fraudulent Web sites. 

20 [0062] These filtering rules may be configured after ID and password authentication by 
a user authentication section 36, which is provided in the Web server 32 and connectable 
to the user management server 30 as shown in FIG.3A. 

[0063] The filtering rule setup section 34, which configures the filtering rules based on 
the user entry as described above, also has a function to generate the filtering rules 
25 automatically based on the member information (such as billing and terminal model 

information) stored in the user management server 30 without using the user entry. For 
example, the filtering rules may be configured as a gateway to, for example, allow no 
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connections or allow access only to specific servers depending on the user's attributes 
and membership dues payment status. 

[0064] These filtering rules as a gateway may be used to control vendors which provide 
a fee-based business via the InterServer 6. For example, the InterServer 6 may be 
5 provided with a proxy server 38, as shown in FIG.3A, for storing addresses a user 

accesses in a database (user access information 39) and managing them to thereby allow 
the user to connect only to those addresses preset in the filtering rule setup section 34. In 
this case, it is preferred to implement a function to recognize which services the user uses 
and terms of each service contract in addition to the user ID and password in the user 
1 0 information management DB 3 1 , and control transactions according to the terms. For 
specific vendors, only samples, but not the true screens, may be displayed to users who 
have not completed a registration procedure. 

[0065] FIG. 5 is a flowchart showing processing at the filter section 23. First, when a 
tunneling session is started, the filter section 23 configures the filtering rules based on the 

1 5 member information received from the user management server 30 (step SI). Next it 
receives information of the destination to which the user requested connection (for 
example, a Web site address) from the proxy server 38 (step S2). Then the filter section 
23 applies the filtering rules to the connection destination information, determines 
whether or not the access should be permitted (step S3), and disconnects the 

20 communication session through the communication session disconnection section 24 if 
the connection is not permitted (step S4). If the connection is permitted, the filter section 
23 determines if the session is still valid (step S5). If so, the processing of the steps S2-S5 
is repeated. If the session is no longer valid, the processing is terminated. 
[0066] Also the proxy server 38 may measure the amount of data transmitted so that it 

25 can deny access from users who have not paid their bills. In this case, the vendor may be 
informed of the ID's, but not the passwords or IP addresses of those users. Thus, the user 
should simply manage a pair of ID and password for the InterServer 6. It is appropriate to 
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check the ID as a key each time for system consistency since the IP address may be 
changed for the user's convenience or other reasons and since there may be a risk of data 
obtained at the vendor side being used for malicious access. 

[0067] Implementation of the filtering rules, and disconnection and connection of 
communication sessions based on these rules are performed by the communication 
session disconnection section 24. Incidentally, filtering methods, gateway methods, and 
other methods using the configured filtering rules are publicly known and therefore 
omitted herein. 

[0068] The InterServer 6 has a network home appliance search section 26 (FIG.3 A) for 
providing users who do not know the address of the network home appliance 2 with an 
ability to find the network home appliance 2. The network home appliance search section 
26 searches for and identifies a desired network home appliance 2 based on user- 
specified information, for example, the operation state of the network home appliance 2 
and the network. 

[0069] To do this, as shown in FIG. 6, the network home appliance search section 26 
has a state information receiving section 40 for receiving state information such as the 
operation state of the network home appliance 2 and the network; a state information 
accumulation section 41 for storing the received state information in association with the 
IP addresses of the network home appliance 2 and relay device 3; and a network home 
appliance control section 42. The state information receiving section 40 receives state 
information of each network home appliance 2 for each of a tunneling domain (the home 
network 1 or the relay device 3) which houses the network home appliance 2. The state 
information receiving section 40 may receive the state information by querying the state 
for each domain either at predetermined intervals or on receipt of a reference request for 
each domain. In the former method, for example, a power ON/OFF state of each network 
home appliance 2 is queried every minute for each relay device registered in the relay 
device address 16a. 
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[0070] The state information accumulation section 41 stores the state information of 
each network home appliance 2 in association with the network home appliance 2 and the 
relay device 3. In this case, the obtained state information includes at least one of an 
operation state, a usage state, location information, property information, information 
5 maintained at a node (the relay device 3 or the network home appliance 2), and 
information useful for identifying the node. 

[0071] The operation state includes at least one of a power state, a network connection 
state and a communication state. The usage state includes at least one of user information, 
operation time information and load information. The location information includes at 
10 least one of a geographical location, coordinate information, a zip code, a room number 
and the like. The property information includes at least one of a type, functions, a shape, 
colors, device information, software information and administrator information of the 
node. 

[0072] Additionally the model determined by the network home appliance model 
15 identification section 21 is individually stored as state information. The state information 
receiving section 40 identifies information obtainable from the network home appliance 2 
based on the model information, and obtains required information in a format appropriate 
for the obtainable information. 

[0073] The network home appliance search section 26 is provided with a connection 
20 request authentication section 27 for connecting to the user management server 30 to 

authenticate the user performing the search or issuing the connection request, and permit 
the search or the connection request. In the case of a user's home network (with the relay 
device 3), for example, only specific users permitted to connect to this home network are 
allowed to search and connect. If the connection request authentication section 27 gives a 
25 positive result, the network home appliance search section 26 accesses the state 

information accumulation section 41 and the address storage section 16, and searches for 
the address of a desired network home appliance 2 (and identifies the relay device 3). 

15 
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[0074] When a user searches for the relay device 3 of the user's own home network 
from the external system using a personal computer, for example, the search results may 
be displayed as a list of all network home appliances 2, as well as their states, which are 
connected to the relay device 3. FIG. 7 is an example of a search screen and FIG. 8 is an 
5 example of a list display of search results for the relay device 3/home network 1. In the 
example of a search interface shown in FIG. 7, there are provided an entry field 43 for 
searching for the relay device 3 and an entry field 44 for searching for the network home 
appliance 2, and they are programmed to enable searching from either one of them. 
[0075] In the example of a search result list display shown in FIG. 8, each terminal 
10 (network home appliance 2) connected to the relay device 3 is listed together with the 

owner, state, type and model information. Further by pressing an operation screen display 
button indicated with 45 in the figure, the network home appliance control section 42 is 
activated and an operation screen (not shown) is displayed according to the type and 
model of the terminal. 

1 5 [0076] FIG. 9 is a conceptual diagram of a control by the network home appliance 
control section 42. 

[0077] First, the network home appliance 2 notifies its operation state in response to a 
request from the state information receiving section 40 (step SI 1) while the relay device 
3 is connected to the InterServer 6 through a tunneling session. At this point, it may be 
20 configured so that the operation state cannot be obtained unless the network home 
appliance 2 logs in the network home appliance control section 42. The obtained 
operation state is accumulated and updated in the state information accumulation section 
41 on a regular basis (step SI 2). 

[0078] Next, the user of the network home appliance 2 logs in from outside using his 
25 ID and password, and identifies a terminal to control from the list as described above to 
activate the network home appliance control section 42 (step SI 3). The network home 
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appliance control section 42 processes all instructions on the server side and sends 
appropriate commands to the terminal equipment to control it. 

[0079] Also the user may select a terminal name from the list to thereby connect to the 
selected network home appliance 2 via routing. Further, the user may enter a specific 
5 state as a search condition and, if a terminal with that condition is found, may connect to 
the terminal directly. Note that the connection to the terminal is made after a tunneling 
connection is established even when the user searches for the terminal from outside of the 
home network via the Web server without using the tunneling connection through the 
InterServer 6. 

10 [0080] Here, the "tunneling" refers to technologies for connecting networks (router) of 
IPv4 and IPv6 through an IPv4 network, and more specifically refers to technologies for 
tunneling to terminate multiple equipment which belong to different networks with a 
VPN (virtual private network). In this embodiment, IPv4 packets communicated among 
equipment are capsulated with IPv4. 

15 [0081] In practice, the respective components 10-42 of the relay device 3 and 

InterServer 6 are configured by use of hard disks in a computer system and computer 
software programs installed in the areas, as well as CPU, RAM, and peripheral equipment 
such as other input and output device for controlling the hard disks to read the programs. 
[0082] Additionally the relay device 3 preferably comprises one computer system 

20 which includes each network home appliance 2, and the InterServer 6 preferably 

comprises a plurality of computer systems which are connected to one another for load 
sharing. For example, the network home appliance search section 26 for managing the 
states of the relay device 3, network home appliance 2 and home network 1 preferably is 
configured in a server with a dedicated transmission interface and a control section. This 

25 is because load sharing may be needed to address an immense number of predicted 

sessions managing ON/OFF and other states of each device. Also when one InterServer 6 
processes relay devices and network home appliances from different manufacturers, there 
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may be provided a plurality of the capsulating processing sections 18, command setup 
sections 22, filter sections 23 and the like. 

[0083] Hereinafter, operations of the relay device 3 and InterServer 6 are described 
below in accordance with communication examples shown in FIG. 10 and later figures. 
5 [0084] FIG. 1 0 shows communications via the InterServer 6 between a network home 
appliance 2 of a home network connected to a relay device 3, and another terminal with 
no relay device 3 provided. 

[0085] This diagram shows a communication session established with the relay device 
3 within a tunneling connection by the tunneling session establishing sections 17 and 1 1 
10 based on the address of the InterServer 6, the IP address assigned to the relay device 3, 
and the address of the network home appliance 2. 

[0086] Once a tunneling communication session is established, packets to the network 
home appliance 2 are transmitted after being capsulated in IPv4 packets for the relay 
device 3 by the capsulating processing section 18. In the relay device 3, the capsulating 
15 processing section 12 decapsulates those packets while the routing processing section 13 
processes routing to the network home appliance 2 based on its address included in the 
packets. Thus a connection to the network home appliance 2 in a home network at home, 
for example, may be activated by an external IPv6 server 7. 

[0087] If the network home appliance 2 is, for example, a home security camera, this 
20 camera may be activated and controlled even when the home owner is outside of home 
through the InterServer 6 and the relay device 3 by connecting the home owner's PDA 
and the like to a nearest IPv6 network. 

[0088] Also in this example, the network home appliance model identification section 
21, the command setup section 22 and the filter section 23 provided in the InterServer 6 
25 function according to the model of the network home appliance 2. 

[0089] The network home appliance model identification section 21 is configured to 
determine the model of the network home appliance 2 and a network environment based 
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on, for example, the address of the relay device 3 or the network home appliance 2 
(address itself or information associated with the address). In this embodiment, the 
network home appliance 2, the relay device 3 and the InterServer 6 are assumed to be 
produced by the same manufacturer or under a unified standard, wherein the model type 
5 or the network environment may be easily determined from the IP address assigned to (or 
generated for) the network home appliance 2 or the relay device 3 connected to the 
network home appliance 2 by presetting a certain set of rules to the IP address. 
[0090] When a special command is required to manage the network home appliance 2, 
the command setup section 22 coverts a command included in the communication from 
10 the IPv6 server 7 to a command specific to the model. For example, commands may be 
generated from a message described in the HTML language. Alternatively, an instruction 
from one IPv6 server 7 may be converted to a plurality of commands for a plurality of 
network home appliances 2. 

[0091] Moreover, the filter section 23 has a function to filter packets passing through 
15 the InterServer 6 based on predetermined rules. These filtering rules may be 

predetermined, for example, at a connection destination relay device 3, each network 
home appliance 2 or each network. The communication session disconnection section 24 
is configured to disconnect communication sessions if the network home appliance model 
identification section 21 does not recognize predetermined models or network 
20 environments, or if the filter section 23 returns a negative result. In addition, if a 

connection destination network home appliance cannot be connected due to its power 
OFF state and the like, and if there are any alternative IPv6 equipment connected to the 
same relay device, communication sessions may still be routed to those other network 
home appliances based on their model or type information. 
25 [0092] FIG. 1 1 is an example of a connection via the InterServer 6 between IPv6 home 
networks which have a relay device 3 and 3', respectively. Each home network is 
connected with a network home appliance A or a network home appliance B, and 
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communications between these two network home appliances A and B are described 
below. 

[0093] Again in this case, the InterServer 6 stores addresses or other information of the 
network home appliances A and B in association with the IPv4 addresses of the 
5 respective relay devices 3. 

[0094] When a connection from one network home appliance A to the other network 
home appliance B is requested, first a communication session within the tunnel 
connection is established between the relay device 3 of the network home appliance A 
and the InterServer 6. Next the relay device 3' is identified based on the address of the 
1 0 network home appliance B included in the packets, to thereby establish a tunneling 

communication session between the InterServer 6 and the relay device 3'. Then the relay 
device 3' performs an intra-network routing based on the IPv6 address of the network 
home appliance B included in the packets. 

[0095] In this way, the two network home appliances may communicate with each 

1 5 other through the InterS erver 6. 

[0096] In the above case, the address of the connection destination network home 
appliance may be unknown when communications between the two network home 
appliances are desired. In this situation, the user who is originating the connection 
accesses the InterServer 6 and activates the network home appliance search section 26. 

20 During this time, for security reasons, the connection request authentication section 27 
authenticates this user and determines if the connection request is legitimate to permit 
searches for the connection destination network home appliance and its user. If the 
desired network home appliance was successfully identified, a tunnel communication 
session is established based on the IPv6 address of the desired network home appliance. 

25 [0097] According to the above structure, all communications related to the network 

home appliance 2 are performed through the InterServer 6 regardless of their carriers and 
ISP's, enabling an owner of the InterServer 6 to freely configure and control the network 
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home appliance 2 or the server 7 on his home or workplace network. Thus all problems 
related to conventional home routing, security and individual identification of the 
network home appliance 2 in the private network from servers on the Internet can be 
solved, and extremely open and yet closed networks can be realized. 
5 [0098] Normally the owner of the InterServer 6 is assumed to be a manufacturer of the 
network home appliance 2. Therefore, this manufacturer may create added values for 
users utilizing the Internet by preparing its own IPv6 equipment lineup compatible with 
the InterServer 6. 

[0099] Next, sign-up of the network home appliance 2 is described below in 

10 accordance with FIG. 12. 

[0100] In the above description, the IP address of the network home appliance 2 is 
received from the relay device 3 side. In practice, however, there are various other 
possible methods. Also the manufacturers and/or the owner of the InterServer 6 may be 
interested in obtaining information on the owner (user) of the network home appliance 2. 

1 5 Furthermore, the address of the network home appliance 2 may in some case be: a factory 
default fixed IPx6 address written into the RAM of the network home appliance 2; or 
determined according to the IPv6 prefix of a connecting relay device 3. 
[0101] Therefore in the present embodiment, as shown in FIG. 12, the user of the 
network home appliance 2 or the relay device 3 should first connect to the user 

20 management server 30 to perform a user registration. The user registration may be done 
by using the network home appliance 2 through the relay device 3, or using IPv4- 
communication-enabled equipment such as an existing personal computer or the like. In 
this embodiment, described is the case wherein the network home appliance 2 and the 
relay device 3 are used. Also in the following, the network home appliance 2 is a terminal 

25 incapable of establishing a network connection by itself, and the address of the network 
home appliance 2 is generated as a virtual address by the relay device 3 using a MAC 
address of the network home appliance 2. 
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[0102] When the user first connects the network home appliance 2 to the relay device 3, 
the relay device 3 connects to the user management server 30 via the ISP/carrier. 
Accordingly, information required for a tunneling connection from the relay device 3 to 
the InterServer 6 is passed to the user management server 30. The user also passes, to the 
user management server 30 through the relay device 3, information about the user, 
identification of the relay device 3 or the network home appliance 2, the model of the 
network home appliance 2, the network 1, billing and the like. In the present example, the 
relay device 3 and each user are issued with an ID and a password, in association with 
which information of the relay device 3 and each user are registered in the user 
information management DB 3 1 . Note that information required for the registration is not 
limited to the above and that the above and other information may not be required if the 
password and billing information are unnecessary. 

[0103] The above-described user management server 30 may be connected to the 
InterServer 6 or may be independently provided on the Internet. 

[0104] FIG. 13 shows an embodiment of a specific method for establishing a tunneling 
connection and a communication session within the tunneling connection. Each of the 
reference numerals/symbols S21-S26 in this figure corresponds to each of the following 
steps S21-S26. 

[0105] In this embodiment, the relay device 3 stores the IPv4 address of the InterServer 
6 therein: this address may be stored in the RAM by the manufacturer as a factory default, 
or may be received from another server and the like upon an actual tunneling connection. 
The former may be employed if there is a single InterServer 6, and the latter may be more 
efficient if there are a plurality of InterServers 6. 

[0106] The diagram in FIG. 13 is an example of the latter, and a tunnel broker 52 is 
provided accordingly. In this case, an IPv4 global address of the tunnel broker 52 is 
preconfigured in a tunnel broker address storage section of the relay device 3. The relay 
device 3 is also preconfigured with the ID and the password (if required) described above. 
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[0107] The relay device 3 first connects to the tunnel broker 52 (step S21). The tunnel 
broker 52 selects from an address database 53 a destination InterServer 6 to which a 
tunnel connection is to be established (step S22), and notifies the relay device 3 of the 
IPv4 address of the InterServer 6 (step S23). In this manner, the relay device 3 can 
5 identify the InterServer 6 and establish the tunneling session (steps S24 and S25). That is, 
the tunneling server performs authentication and IP address assignment based on the 
authentication to establish the tunneling connection, and establishes a TCP/IP connection 
with tunneling. 

[0108] Next, the InterServer 6 announces to other InterServers 6 about this routing to 

1 0 the relay device 3 and/or the network home appliance 2 with the established tunneling 
connection (step S26). In some cases, all of the routing to the relay device 3 and/or the 
network home appliance 2 may be established through the InterSever 6. 
[0109] According to such a structure, if there are multiple InterServers 6, the 
establishment of the tunneling connection may be ensured by using one of them. 

1 5 [0110] It is to be understood that the embodiment heretofore described is no more than 
one embodiment of the present invention, and that various changes and modifications can 
be made, without departing from the scope and spirit of the present invention. 
[0111] For example, the tunneling connection may be established from both the relay 
device 3 and the InterServer 6 in the above one embodiment. However, the tunneling 

20 connection may be generally established only from the relay device 3 in actual 

commercial services. This is due to a rarity of IPv4 fixed IP services. This is because 
routing is impossible if the IPv4 session itself is actually disconnected: in this case, the 
configuration remains intact once the tunneling (in practice the IPv4 connection itself) is 
established until the IPv4 session is disconnected, and the next IPv4 of the relay device 3 

25 is seldom the same as before. 

[0112] Further, the above one embodiment illustrated with the first protocol as IPv4 
and the second protocol as IPv4 is not intended to limit to these protocols. The first 
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protocol may be IPv6. Also both the first and the second protocols may be IPv6. 
Furthermore, both may be other than the above protocols. 

[0113] In the above one embodiment, the relay device 3 is integrally provided with 
each network home appliance 2, but it may be separately provided and one relay device 
may be shared by a plurality of network home appliances. Also the network home 
appliance and the relay device may be connected via LAN. 

[0114] Having described the invention, the above examples are given to illustrate 
specific applications of the invention including the best mode now known to perform the 
invention. These specific examples are not intended to limit the scope of the invention 
described in this application. 
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